New EU laws on net neutrality may be necessary to stop internet service providers (ISPs) from infringing individuals' data protection and privacy rights, the European Data Protection Supervisor (EDPS) has said.
The traffic inspection required to operate systems that breach net neutrality principles and prioritise some content …

COMMENTS

Plusnet Traffic Management

I'm still with Plusnet and still paying extra for them not to 'shape' my traffic, though there is now some shaping on their latest product compared to the previous one I was on albeit with a bigger data cap.

So they shouldn't really be charging extra for the privilege then?

I'm concerned that the bit about asking for consent followed by a refusal to consent, would just lead to the ISP saying sorry we can't supply you broadband then...

Yes, but..

Maybe on YOUR Planet

On this planet, Net Neutrality started as a way to stop ISPs who were, and are, trying to gouge extra money from the people that their customers (that being us) were already paying them to get access to in the first place.

Actually Net Neutrality started as busybody movement looking to solve problems that were ill-defined, nonexistent, somewhere in the future but had something to do with capitalism, making money and not socialism. Which is abhorrent.

The fact that at the end of the pipe, more problems and confusion exist than when one started off, amazing discoveries of mutually incompatible legislation are being made, and a giant hairball of newly minted lawyers, experts, bureaucrats and court jesters is being extruded (surprise!) which have to be paid somehow (by taxes and lawsuits, i.e. ISP end customers).

Spot on

/may/ amount to spying?

"Net neutrality is the principle that an ISP will deliver all content requested by a customer equally, not allowing content producers which pay it to have preferential access to its subscribers."

Given that definition of NN, it can be implemented simply by preferring traffic from certain server IP addresses. No packet inspection is required, so any inspection that occurs goes way beyond any technical need and is a clear privacy violation. What am I missing?

I wasn't thinking about (and I'm not concerned about) anything that involves inspecting or re-writing the packet header. I don't think there is anything private there and my understanding of the specs is that the header is, by design, the bit that intermediate parties are expected to read and modify as part of the delivery process. The packet body, however, is the opposite in just about every way. Nothing beyond "blind copying" should be necessary and therefore anything beyond "blind copying" is evil.

For an ISP to use source or destination addresses, or IP protocol numbers, or TCP/UDP port numbers, as part of its traffic shaping strategy is probably both defensible and open to challenge.

Gratuitously dropping TCP packets, for example, *will* just result in requests for re-transmission, whereas dropped UDP packets are generally just lost. It seems reasonable for an ISP to consider that when deciding what to drop. Similarly, if the port number suggests a higher level protocol that can wait (like FTP) it would be fair to let that packet wait.

Conversely, filtering on the IP address to favour your own services would be like an OS vendor favouring the products from their own applications division. In this case, the ISP would be leveraging their monopoly position in "shunting data around" (at least, it's a monopoly with regard to this particular customer) to extend that dominance into a new market, such as "IP telephony".

So EU oks traffic management

..when it's to inspect and/or block pron, illegal content for the media industries, for law enforcement. And it says

""take all reasonable measures" proportionate to "promote the interests of the citizens of the European Union by ... promoting the ability of end-users to access and distribute information or run applications and services of their choice"."

So applying QoS to priorities delay senstive apps like voice and live video is ok then. If those are using standard protocols, there'll be no need to look beyond the header. But headers contain IP addresses, which may or may not be personal information which ISP's aren't supposed to look at. Or something. It'll probably need another expert group or 3 to waste lots of money figuring that stuff out.

Or, the content industry gets what it thinks it wants with net neutrality and customers end up with lousy quality voice and video.

Let's stop ISPs looking at IP addresses and other fantasies...

"But headers contain IP addresses, which may or may not be personal information which ISP's aren't supposed to look at."

Isn't it a trifle difficult for an ISP to route a packet with looking at the IP addresses?

Of course the issue is what such information can reasonably be used for, not whether it can be looked at. Clearly the header contents have to be looked at for reasons of routing, traffic balancing, intrusion detection, general traffic management, capacity planning, service management and dozens of other legitimate purposes.

The whole net neutrality debate is characterised by the use of emotive terms playing to the audience and precious little to do with the real technical issues of making efficient and reliable uses of networks.

Unintended consequences of laws

Look at the quote-

"Hustinx said in a statement. "By looking into users' internet communications, ISPs may breach the existing rules on the confidentiality of communications, which is a fundamental right that must be carefully preserved. A serious policy debate on net neutrality must make sure that users' confidentiality of communications is effectively protected.""

Many existing process may already breach those rules given they're necessary for the reasons you list, so any proposals to preserve confidentiality under the guise of 'net neutrality may break those. Or disallow ISP's traffic management necessary to deliver service quality and a good user experience. Regulators should stick to regulating when harm can be demonstrated.

Why inspect at all?

The power company does not charge me more for the juice to my lights as opposed to my fridge.

The water company does not charge me more for watering the garden as opposed to having a shower.

The gas company does not...you get the idea.

Data is data, charge me for what I use. If (say) UDP costs more than TCP, then charge me more for data on that protocol. Infrastructure can't take the load? Up your prices, the market will correct the load for you.

@theodore

1) Power: I doubt they can tell which device or purpose the leccy is being used for. They might be able to get Amps vs Volts, but that's just UPD vs TCP vs whatever.

2) Water is bundled in with council tax normally (although I realise this is not universal). But again they cant really tell what I'm using the water for. They know the amount, but that is all.

3) Gas: The is just supply/demand. I have no issue with that. If they charged me more for heating than eating, I'd get annoyed (unless I had multiple supplies for some reason).

But whether or not my examples are the best is really beside the point. Neither of these companies are *spying* in order to artificially inflate prices. I'm sure they'd love to, but that is no reason to let ISPs get away with it.

(FWIW: I don't count reading the header to routing to be "spying". I'm thinking DPI etc.)

"Regulators should monitor whether ISPs are complying"

If I read the article correctly...

..the EU is saying ISPs shouldn't be spying on what I download/upload. On the other hand, if I'm torrenting Shrek IX (The Inevitable) the MPAA will be tracking my IP. So when the MPAA contact my ISP, the ISP will have to say "we have no idea who [IP] is". So the EU is using it's time & resources to make laws that contradict other laws that it has made.

Seems to me the EU is something I pay for, which benefits lawyers. Can't the lawyers at least stump up the money for the Eurocracy themselves maybe?

I don't know if you read the article correctly, but you seem to be confused about networking. Your IP address is not private information, so the ISP can tell the MPAA who you are.

Your address is public. If people don't know it or it isn't on the envelope, you won't get any letters. Your IP address is the same.

The contents of your letters are private. The postman doesn't need to rip open the envelopes in order to deliver them to the right house. The contents of your network packets is the same.

The fact that you are receiving a lot of medium sized parcels in brown envelopes may also private, although the postman doesn't have to open the packets to know. You will certainly find people willing to argue that it shouldn't be wrong for the postman to *notice* such things and organise their rounds to make it easier to accomodate your traffic. It might only become wrong if the postman goes on to publicise the fact that you are getting all this stuff.